The Honeynet Project

We are happy to be able to announce the successful completion of The Honeynet Project's participation in DARPA's Cyber Fast Track program with our Web Application Honeypot project.

Imperva's recent Web Application Attack Report shows the picture of large scale automated threats towards web applications. Adversaries are basically scanning millions of web applications for vulnerabilities every day and a single successful infection increases their army of workers and thereby their capability for doing more damage. Without a specific target, attackers can leverage automated tools and search engines excellent information aggregation service to find their victims, identify the vulnerability, and launch an attack.

The majority of web application attacks target the web application's database. These - so called SQL injection attacks - manipulate the underlying database by providing user input that - due to the vulnerability in the web application - is converted into SQL statements. The main goal of this project was the development of a SQL injection vulnerability emulator that goes beyond the collection of SQL vulnerability probings. It deceives the adversary with crafted responses matching his request into sending us the malicious payload which could include all kinds of malicious code.
The project is being released as open-source and installation instructions can be found on the project page.

A detailed report was created as part of the project.